Question
I start by saying I'm a beginner. I'm setting up a system where I collect some JSON files, I parse them in JAVA (Spring batch) and the part where I'm stuck is sending these files to the HTTP EVENT COLLECTOR (HEC) in Splunk enterprise. I tried crawling the web for some beginner-friendly guides but I couldn't find anything. I want to send POST to the Splunk enterprise with said files, so I can index them after they've been sent. So far I could only connect to localhost:8089 like this:
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs connectionArgs = new ServiceArgs();
connectionArgs.setHost("localhost");
connectionArgs.setUsername("AdrianAlter");
connectionArgs.setPassword("mypassword");
connectionArgs.setPort(8089);
connectionArgs.put("scheme","https");
// will login and save the session key which gets put in the HTTP Authorization header
Service splunkService = Service.connect(connectionArgs);
System.out.println("Auth Token : " + splunkService.getToken());
Job info = splunkService.getJobs().create("search index=main");
System.out.println("Info: ");
Answer 1:
It is a bit unclear what you are trying to do. In the text, you say you are trying to send data with HTTP Event Collector (HEC). However, the sample code looks to be trying to perform a search.
To send data to a HEC endpoint in Java, the following code snippet may be a suitable starting point.
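import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpPost httppost = new HttpPost("https://<SERVER>:8088/services/collector/event");
// HEC authenticates with the token in the Authorization header, using the "Splunk" scheme
httppost.addHeader("Authorization", "Splunk <token id>");
// The request body is a JSON envelope; the payload goes under the "event" key
String eventStr = "{\"sourcetype\": \"_json\", \"index\": \"main\", \"event\": { <JSON> }}";
httppost.setEntity(new StringEntity(eventStr));
HttpResponse response = httpclient.execute(httppost);
System.out.println("response: " + EntityUtils.toString(response.getEntity()));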
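An added example, not part of the original answer: a dependency-free Java 11+ sender for the HEC endpoint described above that reads the token from the environment, leaves TLS certificate validation on, and fails on any non-200 reply. The class name `HecSender`, the `SPLUNK_HEC_TOKEN` variable and the `localhost` host are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;

public class HecSender {
    // Host is an assumption; port 8088 and the path are the ones used in the answer.
    static final String URL = "https://localhost:8088/services/collector/event";

    // Wrap one JSON document in the HEC envelope; it is inserted as-is, so it must already be valid JSON.
    static String envelope(String json) {
        return "{\"sourcetype\": \"_json\", \"index\": \"main\", \"event\": " + json.trim() + "}";
    }

    static void send(HttpClient client, String token, String body)
            throws IOException, InterruptedException {
        HttpRequest request = HttpRequest.newBuilder(URI.create(URL))
                .timeout(Duration.ofSeconds(10))
                .header("Authorization", "Splunk " + token)
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        // Fail loudly on a bad token, unknown index or malformed JSON instead of dropping events.
        if (response.statusCode() != 200) {
            throw new IOException("HEC rejected event: HTTP " + response.statusCode() + " " + response.body());
        }
    }

    public static void main(String[] args) throws Exception {
        // SPLUNK_HEC_TOKEN is a hypothetical variable name; it keeps the token out of source control.
        String token = System.getenv("SPLUNK_HEC_TOKEN");
        if (token == null || token.isBlank()) {
            throw new IllegalStateException("SPLUNK_HEC_TOKEN is not set");
        }
        // The default client validates the server certificate. For a self-signed Splunk
        // certificate, trust its CA in a trust store rather than disabling validation.
        HttpClient client = HttpClient.newHttpClient();
        if (args.length == 0) { // no files given: send one constructed sample event
            send(client, token, envelope("{\"message\": \"constructed sample event\"}"));
        }
        for (String file : args) {
            send(client, token, envelope(Files.readString(Path.of(file))));
        }
    }
}
```

Pass the JSON file paths as arguments; each file is sent as one event to the `main` index.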
Source: https://stackoverflow.com/questions/58555219/how-do-i-send-json-files-to-splunk-enterprise-from-java